1) For example, use one of the OAuth2 authorization methods. After this, the user should have a valid authorization token

Example access token - P1fcL6uMpAcM6m7V3MsN5kOG2lM9k7cPwT48gPhrBQbLIXi004TBzVuCEjgJON8hAwrTM9m0VJ8ZepCrJBH1TpDfBUL44dqSIFAyW0UQ17bM8d5gT4NphcNAeC6kIukvL4jp8gpK3v1FJmMdQAOqHIkPi7Q6hDQkdedMso6wUBLfoLI1WeTMlMP1f5qqz7nTeBkpuizOUgd87HHDdrgMbbUZqi7HCaN7Z7OSIAMpc6di6qjkgJ7Cc9KjulGxOn1

2) Create a POST request http://localhost:9000/oauth2/introspect to verify the token with the following parameters: token_type_hint = access_token — the type of token to be revoked token — token value and a header for Basic authorization of the client application to which the token is attached

3) The server will issue a response in JSON format with parameters active = true — is the token active? scope — user roles client_id — client id username — user email login token_type = Bearer — token type exp — token expiration time Example if the token is active: { "active": true, "scope": "user admin", "client_id": "client1", "username": "admin@example.com", "token_type": "Bearer", "exp": 1718248686 } Example if the token is not active: { "active": false } Example, if the token was not issued by the server: { "error": "invalid_grant", "error_description": "Bad access token P1fcL6uMpAcM6m7V3MsN5kOG2lM97cPwT48gPhrBQbLIXi004TBzVuCEjgJON8hAwrTM9m0VJ8ZepCrJBH1TpDfBUL44dqSIFAyW0UQ17bM8d5gT4NphcNAeC6kIukvL4jp8gpK3v1FJmMdQAOqHIkPi7Q6hDQkdedMso6wUBLfoLI1WeTMlMP1f5qqz7nTeBkpuizOUgd87HHDdrgMbbUZqi7HCaN7Z7OSIAMpc6di6qjkgJ7Cc9KjulGxOn1" }